The PCI Security Standards Council is without a general manager as the organization that establishes electronic-payments security standards prepares to go in a new direction with its leadership.

Out is Stephen W. Orfei, who joined the council in 2014 as general manager and replaced Bob Russo, the council’s original G.M. who retired that year.

Orfei’s departure came to light Wednesday in a press release from payments-encryption specialist Bluefin Payment Systems noting that he had joined its Product Advisory Council. The Wakefield, Mass.-based PCI Council had not issued a press release about Orfei’s departure, but it told council members about the change in June, it says.

The PCI Council says it now wants an executive director and not a general manager. “Stephen Orfei stepped down as PCI SSC general manager in June 2017, as a result of the PCI SSC Executive Committee’s decision to go in a new direction with PCI SSC leadership,” says a statement from the council to Digital Transactions News. “The general manager position is being eliminated in favor of a new executive director role that will focus on leading the senior team and driving the council’s strategic direction.”

The PCI Council continues that the executive director position “was a proper reflection of the nature of the position moving forward. We will have more to say about the role of the executive director when the hiring announcement is officially made.”

The council hired a professional search firm and hopes to have the executive director in place by the beginning of 2018. In the interim, the council’s Executive Committee continues to provide overall direction, while Mauro Lance, the council’s chief operating officer, is the acting executive director.

In other PCI Council news, the organization, which is holding its Europe Community Meeting in Barcelona, Spain, this week, announced two new security standards related to 3-D Secure, a fraud-prevention protocol for card-not-present transactions.

3-D Secure 2.0 was released a year ago, but card brand implementations are a ways off. Visa Inc. expects 3-D Secure 2.0 compliance to begin in April 2019, to give merchants and issuers time to test and refine their iterations of the standard.

“EMV 3DS solutions will make it increasingly difficult for criminals to obtain cardholder data (CHD) in online payment channels,” said PCI SSC International Director Jeremy King, in a press release. “As CNP fraud continues to be a challenge here in Europe and globally, PCI SSC is pleased to be able to provide support for the secure implementation of these solutions.”

The PCI Council cancelled its North America conference in September because of Hurricane Irma.